Examining The Failure Of The Iowa Caucuses Smartphone App
AUDIE CORNISH, HOST:
And the apology from Shadow Inc. begins, we sincerely regret the delay. Shadow is behind the smartphone app that caused reporting problems for Iowa Democratic Party caucuses. It wreaked chaos for caucus chairs like Holly Christine Brown, the Asian/Pacific Islander Caucus Chair. As she told our Morning Edition host, there wasn't much training.
(SOUNDBITE OF ARCHIVED NPR BROADCAST)
HOLLY CHRISTINE BROWN: I got access to the app on Friday evening. And we were just given access to the app and told, you know, play around in there a little bit. And that was about as much training as we got.
CORNISH: Joining me via Skype to talk about cybersecurity and elections is Betsy Cooper with the Aspen Institute. Welcome to the program.
BETSY COOPER: Thank you so much for having me.
CORNISH: So what were the questions people had going in for the makers of this app, which - at first, I gather, people didn't even know who it was?
COOPER: Right. So we were actually trying to investigate this in January, and we couldn't get any information whatsoever about who was making the app or how it had been tested. I think some of the questions were, will the app work? - clearly, not as expected. Do people know how to use it? Did they get adequate training in advance? Does it do the numerical calculations correctly? And then, of course, is it secure? Will it be susceptible to cyberattacks?
CORNISH: We know that the Iowa state party has said, look. This isn't a hack. Is it too soon for them to say something like that? I mean, as someone who works in cybersecurity, what do you make of the explanation so far?
COOPER: I mean, I would be quite skeptical of knowing for sure that there was no hack. I'm sure that they are investigating that deeply, and, you know, they may be able to identify the cause. We don't have that full information yet, but I do believe that there are lots of different reasons someone could try to access the app. It could be to collect information. It could be for intelligence-gathering. So it would be very hard to know at this early stage whether there was any unauthorized access on the back end.
CORNISH: And we said for now, they're saying, look. We just had problems with how it was working. I don't know if you know anything about Shadow, but is there a scenario where this could have worked?
COOPER: So I think that there's definitely the possibility of using online tools to enable and facilitate elections, but in this case, the testing wasn't sufficient. They clearly had not done sufficient testing to determine even that the numbers would be calculated correctly. And so the only thing that saves the situation is that they had paper backups ready in order to be able to actually verify the votes. This could have been an even bigger disaster if those paper backups were not available.
CORNISH: Nevada says they are not going to use it for their caucuses. Does that make sense, I mean, for people to back away from this kind of technology altogether?
COOPER: I don't think we should say never, but I do think in this particular case, Nevada is making a smart decision. Clearly, the app is not ready for prime time. And so let's only go through this once in this election cycle.
CORNISH: In their apology, they also apologize for the uncertainty, quote, "it's caused to candidates, their campaigns and Democratic caucus-goers." What else is on your mind regarding the 2020 elections?
COOPER: Well, obviously, there are a number of states that don't have paper backups, and so that is deeply disconcerting, especially now that we've seen that it may not be just due to hacks that we should be concerned but just due to user error and not having the app set up correctly. I think we also need to be aware of sort of the cybersecurity ramifications more broadly in our elections. Clearly, there are lots of people who care deeply about influencing the way that our elections are working, and this is just a very early sign that it's not going to necessarily be smooth throughout the entire process.
CORNISH: That's Betsy Cooper, cybersecurity expert with the Aspen Institute.
Thank you for your time.
COOPER: Thanks so much for having me.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.